Which parameters should be specified to accomplish this in the MOST efficient manner?
A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.
Which parameters should be specified to accomplish this in the MOST efficient manner?
A . Specify ‘*’ as the principal and PrincipalOrgld as a condition.
B . Specify all account numbers as the principal.
C . Specify PrincipalOrgld as the principal.
D . Specify the organization’s management account as the principal.
Answer: A
Explanation:
To ensure that all users within the AWS Organization have read-level access to a specific Amazon S3 bucket, while preventing access outside the organization, you can specify a wildcard principal ("Principal": "*") and use the PrincipalOrgId condition key in the bucket policy.
Specify the Principal:
Use "Principal": "*". This means that any principal can access the bucket, but the actual access will be controlled by the condition.
Add Condition with PrincipalOrgId:
Add a condition to restrict access based on the PrincipalOrgId. This condition ensures that only the principals from the specified AWS Organization can access the bucket.
Example bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucket-name/*",
"Condition": {
"StringEquals": {
"aws:PrincipalOrgID": "o-exampleorgid"
}
}
}
]
}
Reference: Bucket Policy Examples
This approach ensures that all users within the organization have the required access while blocking access from outside the organization.
Latest SOA-C02 Dumps Valid Version with 54 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund